The Australian privacy commissioner and the ACCAN differ on trigger for notification.

The mandatory data breach notification bill, which was introduced in the Parliament in May, could be the catalyst to change Australian business behaviour, according to University of Canberra centre for Internet safety director, Alastair MacGibbon.

MacGibbon made the observation during a recent Websense roundtable, where he characterised the bill as being "good from a consumer point of view."

"I know plenty of strong arguments against it, but it's a start to try change the culture of this country that doesn't have the ability to have open and honest conversation about data breaches," he said.

If the bill passes through Parliament, MacGibbon said it will lead to a situation where a company may not necessarily be the first talk about a bad experience.

"You'll likely be exposed by someone, maybe by the media, and then you go through this horrible process of denial and then acceptance," he said.

When speaking with large companies, MacGibbon said that some already support the introduction of the purport of the bill.

He said that's because most of these companies realise it is inevitable and "it's just a way of doing business."

"The breach of personal identifiable information is just one part of the problem," he said.

"They need to look at this as the start of a journey of open discussion rather than it being a solution to the issue."

Speak no evilMacGibbon admits that there have been very few conversations in Australia about businesses disclosing breaches, and there are countries that are further along in this regard.

"What we should be acknowledging that these technologies have huge benefits for business, but there are also downsides in the shape of security problems and privacy breaks," he said.

As for why it has been difficult to get businesses to talk about this issue, MacGibbon said it is "just the way we do business" in Australia.

"It is a cultural thing, just like people are different from one nation to the other, in our culture we do not talk about security breaches," he said.